(1) Field of the Invention
The present invention relates to a method of controlling access to an external device of a computer, in a system including plural computers which execute a virtual computer.
(2) Description of the Related Art
Progress in virtualization technology has realized functions which could not be accomplished with the computing system configurations of the past. One such function is migration of a virtual computer. This is technology which migrates a virtual computer executed on a certain physical computer so that it becomes executable on the virtualization mechanism of another physical computer.
Generally, in order to realize the migration of a virtual computer, it is necessary to prepare a storage device and a network as external devices which are accessible from both related computers.
On the other hand, the function to restrict the access to a volume in the storage device and to the network is also utilized for the improvement in security. When such an access control function is utilized, it is common to set up an access restriction with the use of the name and address of a source which issues access to a resource.
A virtual computer may have the name and address related to access control to an external resource. Furthermore, it is common to migrate the name and address together with the migration of the virtual computer. Since the name and address are migrated together with the virtual computer, the access control functions satisfactorily, even if a setup of a switch or a storage device is not updated in time with the migration of the virtual computer.
One technology for assigning such a name and address to a virtual computer is, for example, N-Port ID Virtualization (NPIV) of Fibre Channel in storage. (Refer to “NPIV Functional Profile”, (online), issued on Aug. 1, 2002, INCITS (InterNational Committee for Information Technology Standards) Technical Committee T11, retrieved on Feb. 20, 2009 on the Internet (URL: http://www.t11.org/ftp/t11/pub/fc/da/02-338v1.pdf), and “FC-DA Technical Report”, pp. 43-49, (online), issued on Aug. 3, 2004, INCITS (InterNational Committee for Information Technology Standards) Technical Committee T11, retrieved on Feb. 20, 2009 on the Internet (URL: http://www.t11.org/ftp/t11/pub/fc/da/04-202vA.pdf)). NPIV is technology for virtualizing the address on a SAN (Storage Area Network), which is a network coupled to a storage device. A port of a Fibre Channel adapter (a Host Bus Adapter, abbreviated as HBA) mounted in a computer is given an identifier called a WWN (World Wide Name). A Fibre Channel network (a storage network, or fabric) configured with a Fibre Channel switch gives a network address called a port ID, which is effective within the fabric, to each port of equipment coupled to the fabric, and routes data using the port ID. NPIV makes it possible to give plural WWNs and the corresponding port IDs to a single port of equipment. When NPIV is utilized, the virtualization mechanism can give a virtual WWN to a virtual HBA included in a virtual computer. Accordingly, it is possible to utilize the access control of a Fibre Channel switch or a storage device.
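
The behaviour described above, in which access control keyed on the WWN keeps working after migration because the virtual WWN moves with the virtual computer while its port ID changes, is shown here as an added Python example that is not part of the original document. It is a simplified single-switch model; the class names, WWN strings, volume name and port ID layout are assumptions made for illustration.

```python
class Fabric:
    """Simplified single-switch model: port ID = domain | switch port | index."""
    def __init__(self, domain=0x01):
        self.domain = domain
        self.logins = {}                      # WWN -> 24-bit port ID

    def login(self, switch_port, wwn):
        """Give wwn a port ID on switch_port; several WWNs per port is NPIV."""
        self.logins.pop(wwn, None)            # a migrated WWN leaves its old port
        used = {pid & 0xFF for pid in self.logins.values()
                if (pid >> 8) & 0xFF == switch_port}
        index = next(i for i in range(256) if i not in used)
        pid = (self.domain << 16) | (switch_port << 8) | index
        self.logins[wwn] = pid
        return pid

class Storage:
    def __init__(self, fabric):
        self.fabric = fabric
        self.masking = {}                     # volume -> WWNs allowed to access it

    def allow(self, volume, wwn):
        self.masking.setdefault(volume, set()).add(wwn)

    def can_access(self, volume, source_port_id):
        """Resolve the source port ID to its WWN, then check the volume's list."""
        wwn = next((w for w, p in self.fabric.logins.items()
                    if p == source_port_id), None)
        return wwn in self.masking.get(volume, set())

def demo():
    fabric = Fabric()
    storage = Storage(fabric)
    host_a, host_b, vm = "wwn-host-a", "wwn-host-b", "wwn-vm1"  # constructed names
    fabric.login(1, host_a)                   # physical HBA of host A
    fabric.login(2, host_b)                   # physical HBA of host B
    storage.allow("vol0", vm)                 # set once, keyed on the virtual WWN
    before = fabric.login(1, vm)              # VM on host A: second WWN on port 1
    ok_before = storage.can_access("vol0", before)
    after = fabric.login(2, vm)               # migration: same WWN, host B's port
    ok_after = storage.can_access("vol0", after)
    host_b_ok = storage.can_access("vol0", fabric.logins[host_b])
    return before, after, ok_before, ok_after, host_b_ok

if __name__ == "__main__":
    print(demo())
```

The volume's access list is never modified during the migration, yet the virtual computer keeps its access from a new port ID, and host B's own physical WWN gains none.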